# talk-oathkeeper
hundreds-train-83112

04/29/2022, 8:53 AM
Hi everyone! I have an Oathkeeper instance that uses a Kratos instance (also managed by me) as the "cookie_session" authenticator handler. I have two kinds of identity schemas defined in Kratos: one for "admins" and another one for "users". How can I configure Oathkeeper so it has an access rule that only forwards requests for "admins" but denies access for "users"?
Do I need Keto for this?
damp-sunset-69236

04/29/2022, 11:19 AM
I think that for your case the ideal solution would be to implement a simple microservice with one endpoint that does the following steps:
1. Calls the `/sessions/whoami` endpoint
2. Checks the session and returns 200 OK for admins (you can rely on the schema id of the session object)
You can use Keto when you need to have more permissions
hundreds-train-83112

04/29/2022, 11:23 AM
🤔 Makes sense. So Keto can provide this but it'd overcomplicate things, right? That said, it could make sense to set up Keto if I plan to continue adding more rules, right? E.g. I introduce a new identity schema for developers, and developers have intermediate permissions
Thanks for your help by the way @User
damp-sunset-69236

04/29/2022, 11:28 AM
For this particular case yes, Keto will overcomplicate things
Yep. You’re right 😉
hundreds-train-83112

04/29/2022, 11:37 AM
Awesome, thanks again